Flaws in Wi-Fi's New WPA3 Protocol Can Leak a Network's Password

By Michael Kan, April 12, 2019, 7:51 a.m.

WPA3 was announced last year as a major upgrade to protect Wi-Fi networks from password-cracking attacks. Unfortunately, WPA3 has some flaws that can be exploited to find out a Wi-Fi router's password, according to new research.

The next generation in Wi-Fi security actually has a serious flaw. New research has found that you can trick the technology to effectively leak the password to a Wi-Fi network.

On Wednesday, a pair of security experts disclosed several vulnerabilities with WPA3, a recently released protocol that was designed to protect Wi-Fi networks from intruders.

"Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network," researchers Mathy Vanhoef and Eyal Ronen wrote in a blog post summarizing their findings. "Concretely, attackers can then read information that WPA3 was assumed to safely encrypt."

WPA3 was announced last year as a major upgrade over the older WPA2 protocol, which has been around since 2004 and is particularly susceptible to password cracking attacks.

The problem with WPA2 is that the protocol transmits a "hash" or scrambled version of your Wi-Fi network's password. To crack the password, a nearby hacker simply needs to capture a single password exchange over the network. The hacker can then take this data home, and proceed to brute-force it with unlimited password attempts to find the right match. The simpler the password, the easier it'll be for the hacker to crack.

WPA3, on the other hand, tries to fix this problem by using what's called the "Dragonfly handshake" (also known as the Simultaneous Authentication of Equals, or SAE, handshake) to make a Wi-Fi network resistant to offline password guessing attempts.

With WPA3, the nearby hacker would supposedly have to remain within range of the Wi-Fi network in order to crack the password. In addition, the protocol features what's called "forward secrecy." This means the hacker won't be able to decrypt any previously captured data from your Wi-Fi data stream, even if they've successfully learned the network's password.

Unfortunately, WPA3 isn't as secure as it seems. One problem is that the protocol is backwards compatible with the older and more vulnerable WPA2 system. In other words, devices can support both protocols and switch between the two.

So if a PC or smartphone transitions from WPA3 to WPA2 when connecting to a Wi-Fi network, the device can be tricked into leaking the password data. The researchers Vanhoef and Ronen managed to pull off this so-called "downgrade attack" by creating a WPA2-enabled dummy router that pretends to be the victim's official Wi-Fi router. If the victim's PC or smartphone tries to connect to the dummy router, the device will transmit enough password data over WPA2 for the password to be cracked.

With such access, a hacker could spy on any unencrypted data sent over the Wi-Fi network. "This can, for example, be abused to steal sensitive information such as credit cards, passwords, chat messages, emails, and so on, if no extra protection such as HTTPS (encryption) is used," the researchers wrote.

On top of all this, the researchers developed a separate, more sophisticated downgrade attack. Two other "side channel" vulnerabilities in the WPA3 protocol were also found, which can be used to leak data to help a hacker piece together a Wi-Fi network's password. "The resulting attacks are efficient and low cost," they added. "For example, the downgrade attacks can be exploited using existing WPA2 cracking tools and hardware. The side-channel vulnerabilities can, for instance, be abused to brute-force all 8-character lowercase passwords with as little as $125 worth of Amazon EC2 (cloud computing) instances."

The good news is that the attacks require a hacker to be nearby. Using a long, complex password for your Wi-Fi network can also help lessen the threat. And for perspective, WPA2 still remains the dominant standard across routers and consumer devices.

The Wi-Fi Alliance, which developed WPA3, has said that hardware manufacturers are starting to roll out patches to fix the newly disclosed vulnerabilities. "These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited," the standards group said in a statement.

The fixes weren't described in technical detail. But according to the researchers, one idea is to never let a device switch back to the weaker WPA2 protocol when it's clear the Wi-Fi network supports WPA3. Many of the problems can also be addressed by changing the protocol's password encoding to limit the amount of information it leaks.
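The downgrade attack described above works because a client that has only ever seen the real router advertise WPA3 will still accept a look-alike access point that advertises WPA2 only, and the proposed mitigation is to remember which networks support WPA3 and refuse to fall back. The following is an added example, not code from the researchers or the Wi-Fi Alliance, showing the defensive check in a form a client or a wireless monitor could run: it parses the RSN information element from a beacon to see which authentication and key management (AKM) suites the access point offers, and flags any beacon for a known-WPA3 SSID that offers no SAE suite. The RSN element layout and the selector values (00-0F-AC:2 for PSK, 00-0F-AC:8 for SAE) come from IEEE 802.11; the beacon records, BSSIDs, SSIDs and the known-networks table are constructed sample data.

```python
"""Flag beacons that offer a known WPA3 network without SAE.

Added example for this article, not code from the researchers or the
Wi-Fi Alliance. The RSN information element layout and the AKM selector
values (00-0F-AC:2 = PSK, 00-0F-AC:8 = SAE) are from IEEE 802.11; the beacon
records and the known-networks table below are constructed sample data.
"""
import struct

IEEE_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 4: "FT-PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
SAE_AKMS = {"SAE", "FT-SAE"}


def parse_rsn_akms(rsn_body: bytes) -> set:
    """Return the AKM suite names advertised in an RSN element body.

    rsn_body is the element payload: the bytes after the element ID (48) and
    the length octet. Raises ValueError on a malformed or truncated element.
    """
    if len(rsn_body) < 8:
        raise ValueError("RSN element too short")
    (version,) = struct.unpack_from("<H", rsn_body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    off = 2 + 4  # version (2 bytes) + group cipher suite (4 bytes)
    (pairwise_count,) = struct.unpack_from("<H", rsn_body, off)
    off += 2 + 4 * pairwise_count  # skip the pairwise cipher suite list
    if len(rsn_body) < off + 2:
        raise ValueError("RSN element truncated in pairwise suite list")
    (akm_count,) = struct.unpack_from("<H", rsn_body, off)
    off += 2
    if len(rsn_body) < off + 4 * akm_count:
        raise ValueError("RSN element truncated in AKM suite list")
    akms = set()
    for i in range(akm_count):
        selector = rsn_body[off + 4 * i : off + 4 * i + 4]
        oui, suite_type = selector[:3], selector[3]
        if oui == IEEE_OUI:
            akms.add(AKM_NAMES.get(suite_type, f"ieee-{suite_type}"))
        else:
            akms.add(f"vendor-{oui.hex()}-{suite_type}")
    return akms


def find_downgrade_candidates(beacons, known_sae_networks):
    """Return (bssid, ssid, akms) for beacons naming a known WPA3 SSID whose
    RSN element offers no SAE suite at all.

    A client that remembers an SSID as WPA3-capable should refuse such an AP
    instead of falling back to WPA2; a monitor can log it as a possible rogue
    or misconfigured AP. Beacons for SSIDs not in the table are ignored.
    """
    findings = []
    for bssid, ssid, rsn_body in beacons:
        if ssid not in known_sae_networks:
            continue
        akms = parse_rsn_akms(rsn_body)
        if not akms & SAE_AKMS:
            findings.append((bssid, ssid, sorted(akms)))
    return findings


# Constructed RSN element bodies (CCMP group and pairwise cipher throughout):
RSN_SAE_ONLY = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac08 c000")
RSN_TRANSITION = bytes.fromhex("0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000")
RSN_PSK_ONLY = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000")

# Constructed beacon records: (BSSID, SSID, RSN element body).
SAMPLE_BEACONS = [
    ("02:00:00:00:00:01", "HomeNet", RSN_SAE_ONLY),    # the real WPA3 AP
    ("02:00:00:00:00:02", "HomeNet", RSN_PSK_ONLY),    # same SSID, WPA2 only
    ("02:00:00:00:00:03", "CafeNet", RSN_TRANSITION),  # WPA3 transition mode
    ("02:00:00:00:00:04", "Guest", RSN_PSK_ONLY),      # not in the table
]
KNOWN_SAE_NETWORKS = {"HomeNet", "CafeNet"}

if __name__ == "__main__":
    for bssid, ssid, akms in find_downgrade_candidates(SAMPLE_BEACONS, KNOWN_SAE_NETWORKS):
        print(f"possible downgrade: {ssid} from {bssid} offers only {akms}")
```

Run as a script, the block reports the second "HomeNet" beacon, which offers PSK only, and stays quiet about "CafeNet", whose transition-mode element lists both PSK and SAE. That second case is the point of the check: an access point in transition mode is legitimate, so the rule is "refuse an AP that offers no SAE at all for a network known to support it", not "refuse anything that mentions WPA2".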

The Wi-Fi Alliance has predicted the tech industry will begin broadly adopting WPA3 later this year. However, the protocol was developed with no outside scrutiny, the researchers noted in their paper about their findings. "In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol," they wrote. "Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner."

According to the Wi-Fi Alliance, there are already 250 *certified* devices that support WPA3. See https://t.co/08Yej15kFT. So that is excluding non-certified devices.

However, the Wi-Fi Alliance maintains in its statement that WPA3 "raised the bar" for wireless security. The standards group is also embarking on additional testing to ensure the WPA3 technology works securely on the latest hardware.